package com.orion.config;

import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author Administrator
 * @date 2021/8/24
 */

//测试doubleLogin注释掉
//@Configuration
@Order(1)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**","/js/**").permitAll()
                .anyRequest().authenticated()
                .and()
                //如果你没有设置loginProcessingUrl()，那么默认的用户名密码后端校验逻辑的URL跟loginPage对应的地址一致
                //loginProcessingUrl(xxx)中xxx对应页面action的值
                .formLogin().loginPage("/myLogin").permitAll()
                .usernameParameter("uname")
                .passwordParameter("pwd")
                /*
                 * https://blog.csdn.net/qq_34975710/article/details/110232128
                 * 区别 successForwardUrl 和 defaultSuccessUrl
                 */
                //.successForwardUrl("/index")
                .defaultSuccessUrl("/index")
                .and()
                .logout().logoutUrl("/logout").permitAll().logoutSuccessUrl("/myLogin?logout")
                .and()
                .httpBasic() //可以去除auth basic 64 方式
                .and().
                csrf().disable();
    }
}
